Pages

Monday, October 4

Just going through the about:labs page in Chromium today, I found a new feature that instantly reminded me of Twitter exploit few days back where my tweets were retweeted automatically by some guy name Matsta. Many Twitter users became victim of this Cross Site Scripting (XSS) Attack.

So, what's there in the new Chromium Lab Feature? A new feature has been introduced where users can enable Webkit's XSS Auditor that provides protection against XSS attacks.

About XSS:

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users - Wikipedia

Here is the exact description of the feature from about:labs page:

"Enables WebKit's XSS Auditor (cross-site scripting protection). This feature aims to protect you from certain attacks of malicious web sites. It improves your security, but it might not be compatible with all web sites."

There is no way to find out what sites is this plug-in is compatible as of now. Also, the feature is only available in Chromium Daily Build. You can download Chromium Daily Build by running following command:

sudo add-apt-repository ppa:chromium-daily/ppa

sudo apt-get update

sudo apt-get install chromium-browser

If you have already installed Chromium, you need to run first two commands only & install the new updates. Then type about:labs in your address bar and enable XSS Auditor from labs page.